Sr. Director Information Security GRC
Arlington, United States
NRECA
Job Description
NRECA is a unique national trade association providing advocacy, financial services and business support services to over 900 consumer owned electric cooperatives across the country. NRECA employees are united by our mission, inclusive culture, collaborative workplace and commitment to service excellence. As a “best place to work” employer, we operate with integrity, transparency and a spirit of innovation.
Join IT at NRECA where we are more than a team, we are a community. Guided by the core tenets of Simplicity, Security, Continuity, Transparency, and Flexibility, we strive to deliver business value through collaboration, ideation, and innovation. Become an integral part of a community driven to continuously improve our processes and transform how we work – in partnership with our colleagues and in service to our members. This is a Hybrid role located in Arlington, VA.
Summary of Position
This position leads the Governance, Risk and Compliance (GRC) team within the Cybersecurity organization. The incumbent advises and collaborates with technical staff and business owners to identify and assess controls that safeguard NRECA data and information systems. We are seeking a candidate who can execute a comprehensive cybersecurity risk management program using a detailed understanding of risk management frameworks, multiple security domains, and the NRECA organization. The role manages cybersecurity risk assessments, monitors regulatory compliance requirements, and develops processes for identifying and managing risk. It supports the Chief Information Security Officer in strategic planning efforts and in the assessment of company strategies and practices relating to cybersecurity.
Key Responsibilities
- Drive the strategy and execution of Cybersecurity GRC, overseeing compliance, risk management, and data protection. Lead a team, providing mentorship, training, and career development.
- Shape cybersecurity and IT strategy in collaboration with leadership and stakeholders.
- Promote governance initiatives, risk awareness, and cross-functional support.
- Develop risk mitigation models and oversee IT security policies, exceptions, and approvals.
- Conduct cybersecurity risk assessments and advise on risk within business decisions.
- Establish metrics to evaluate security program effectiveness and align with business goals.
Qualifications
Required Qualifications and Skills
- Bachelor’s in Computer Science, Management Information Systems, Information Security or related field. Master's degree preferred.
- 15+ years of experience in Information Security, with 10+ in risk and compliance, IT operations, or security engineering, and 5+ years of experience in performing security control assessments.
- 12+ years successfully recruiting, managing, and retaining highly talented and motivated staff.
- Experience with a variety of technology disciplines, such as: software development, systems engineering, systems integration, and technology evaluation.
- Experience leading complex technology initiatives involving multiple businesses including the use of RFI, RFP, and contractual service requirements.
- Experience with network design, topologies, and architectures; security architecture (cloud and on-premises), IAM technologies, PKI and PIV standards, and Cloud technologies.
- Experience with external third-party management.
Preferred Certifications
- Certified Information Systems Security Professional (CISSP)
- Certified in Risk and Information Systems Control (CRISC)
- Certified Information Security Manager (CISM)
- Certified Information Systems Auditor (CISA)
- Certified in the Governance of Enterprise IT (CGEIT)
- Global Information Assurance Certification (GIAC) Security Expert
- AWS Certified Solutions Architect – Associate
- Project Management Professional (PMP)
Essential Physical Requirements
- The worker is required to have close visual acuity to perform an activity such as: preparing and analyzing data and figures; transcribing; viewing a computer terminal and extensive reading.
- Exerting up to 20 pounds of force occasionally, and/or up to 10 pounds of force frequently, and/or a negligible amount of force constantly to move objects. If the use of arm and/or leg controls requires exertion of forces greater than that for sedentary work and the worker sits most of the time, the job is rated for light work.
Additional Requirement:
The preceding job description has been written to reflect management’s assignment of essential functions. It does not prescribe or restrict the tasks that may be assigned. All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, or other legally protected status.
NRECA is committed to working with and providing reasonable accommodation to individuals with physical and mental disabilities. If you need special assistance or an accommodation while seeking employment, please e-mail humanresources@nreca.coop or call: 703-907-5992 - NRECA Arlington Human Resources. Please call 402-483-9275 - NRECA Lincoln Human Resources, for Lincoln, NE employment opportunities. We will make a determination on your request for reasonable accommodation on a case-by-case basis.
The U.S. Equal Employment Opportunity Commission (EEOC) recently released the 'Know Your Rights' poster, which updates and replaces the previous "EEO is the Law" poster and "EEO Is the Law Poster Supplement".
Pay Transparency Non-Discrimination. NRECA will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay. Please see the Pay Transparency Nondiscrimination Provision for more information.
E-Verify. As a Federal Contractor, NRECA is required to participate in the E-Verify Program to confirm eligibility to work in the United States. For information please click on the following link: E-Verify.
For more information about life at NRECA please visit www.Electric.coop.